update con

2024-09-08 13:39:39 -05:00 · 2024-09-08 13:39:39 -05:00 · 001edf9832
commit 001edf9832
parent d7d5226ed2
15 changed files with 214 additions and 93 deletions
--- a/nixos/consensus/configuration.nix
+++ b/nixos/consensus/configuration.nix
@ -0,0 +1,67 @@
+{pkgs, ...}: {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+  ];
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = false;
+  swapDevices = [
+    {
+      device = "/var/swapfile";
+      size = 4 * 1024;
+    }
+  ];
+  networking = {
+    hostName = "consensus";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22
+        2022
+        6443
+        25565
+        30001
+        30303
+      ];
+      allowedUDPPorts = [
+        30001
+        30303
+      ];
+      logRefusedConnections = true;
+    };
+  };
+  services = {
+    k3s = {
+      enable = true;
+      role = "server";
+      extraFlags = toString [
+        "--disable=traefik"
+      ];
+    };
+    openssh = {
+      enable = true;
+      ports = [2022];
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "prohibit-password";
+      };
+    };
+  };
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
+    };
+    e = {
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+      home = "/home/e";
+      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
+    };
+  };
+  security.sudo.wheelNeedsPassword = false;
+  nix.settings.trusted-users = ["e"];
+  system.stateVersion = "23.11";
+}
--- a/nixos/consensus/hardware-configuration.nix
+++ b/nixos/consensus/hardware-configuration.nix
@ -0,0 +1,10 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/nvme0n1";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/mapper/vg-root"; fsType = "btrfs"; };
+  fileSystems."/var" = { device = "/dev/mapper/vg-var"; fsType = "btrfs"; };
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}